The sync-site relabels its database at the end of the first write
transaction. The new label will be equal to the time at which the
sync-site in question first received its coordinator mandate. This time
is stored by a global called ubik_epochTime. In order to make sure that
the new database label is sane, only relabel the database if
ubik_epochTime is within a specific range.
Reviewed-on: https://gerrit.openafs.org/12640
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@dson.org>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit
f5c289d00aaf7c5525b477da5b89f6675456c211)
Change-Id: I78ebd2b8aeae01ef5e3b826ad6f1de5a5c1db79e
Reviewed-on: https://gerrit.openafs.org/12886
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
struct ubik_dbase *dbase;
afs_int32 code = 0;
struct ubik_version oldversion, newversion;
+ afs_int32 now = FT_ApproxTime();
if (atrans->flags & TRDONE)
return (UTWOENDS);
/* On the first write to the database. We update the versions */
if (ubeacon_AmSyncSite() && !(urecovery_state & UBIK_RECLABELDB)) {
UBIK_VERSION_LOCK;
+ if (version_globals.ubik_epochTime < UBIK_MILESTONE
+ || version_globals.ubik_epochTime > now) {
+ ubik_print
+ ("Ubik: New database label %d is out of the valid range (%d - %d)\n",
+ version_globals.ubik_epochTime, UBIK_MILESTONE, now);
+ panic("Writing Ubik DB label\n");
+ }
oldversion = dbase->version;
newversion.epoch = version_globals.ubik_epochTime;
newversion.counter = 1;
#include <lwp.h>
#endif
+/*! Sanity check: This macro represents an arbitrary date in the past
+ * (Tue Jun 20 15:36:43 2017). The database epoch must be greater or
+ * equal to this value. */
+#define UBIK_MILESTONE 1497987403
+
/*!
* \brief per-client structure for ubik
*/
projects / packages / o / openafs.git / commitdiff